COLUMN

Security is a dirty word in the world of social inclusion

By Ron Condon 26 Mar 2008 | SearchSecurity.co.UK Digg This!     StumbleUpon     Del.icio.us

I got a taste this week of the sort of reaction many security professionals find when they ask the question: "But is it secure?"

I was at a conference about social inclusion which was looking at the power of technology to help people who, for various reasons, find themselves outside the mainstream of society. Delegates represented local government and a range of charities, all of whom were working to open up the world of the internet and provide services to the old, the poor, the blind, deaf and otherwise disabled people.

They all had the best of motives and spoke in fulsome terms about some of the successful projects that had already been achieved around the country.

But there was a problem. While 90% of all public services can now be accessed online (hurrah), two-thirds of the population have never used them (boo). And that two-thirds tended to be people living in social housing, or with a disability. If only these people could be shown the power of technology, the speakers said, they could reconnect to the rest of community and become proper citizens of the country.

No arguing with that. And because online services are so much cheaper to deliver than traditional face-to-face transactions, it would save the country a packet into the bargain.

But when the time for questions arrived, I took the opportunity to suggest that we need to be sure that security is tight before going for a blanket implementation of technology for the masses.

After all, the Government has hardly covered itself in glory over the last few months with its handling of private and personal information. And the word 'technology' in this context is usually shorthand for a Windows PC, which as we know, can be a dangerous tool in the wrong hands.

The first response came from Government speaker, Bert Provan, who is involved with the National Strategy for Neighbourhood Renewal. While admitting there had been a bit of a "hiatus" after the recent embarrassing losses of data from Government departments, he said there was no need for concern. In fact, we should see new plans for data sharing across Government by the autumn. And we should not worry about this either, because all Government data sits on a private network and only anonymised data would be shared between departments anyway. So that's OK, then.

Then the man from Citizens Online got stuck in. All this security stuff was "scaremongering", he said. As if to prove the point, he asked how many people in the audience did online banking, and many hands went up. There you are, he said, a group of intelligent people who all think it's OK to do online banking, so it must be safe.

By this time, I was sinking in my seat feeling, as Billy Connolly once put it, "about as welcome as a fart in a spacesuit." But then a third speaker gave me reason for hope. Ian Clifford of UK Online Centres spends his life going around introducing technology to the uninitiated, and yes, he thought we needed to give more though to security. Hallelujah.

It was a small consolation, though. I felt that I'd put a damper on the proceedings by bringing up an awkward truth. And yet, I couldn't help thinking that if these proponents of social inclusion actually raised the security issue themselves – and tackled the awkward questions head-on, rather than burying them – they might have a better chance of attracting that two-thirds of the population who don't use the Government's e-services.

At the moment, Britain's record on getting e-government accepted is poor. According to research by Deloitte, we spend 1.2% of GDP to get less than a third of people to use e-services. By contrast Holland spends just 0.7% of GDP and has nearly half of its population online. Norway gets more than half of its population and spends 0.8%.

I'd like to think a greater emphasis on security here would encourage more people on line. But I fear, as many infosec professionals find in their daily lives, you get few thanks for pointing it out.

Tags: Security Policies and User Awareness,  Data Protection Solutions and Strategy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Policies and User Awareness Cloud-based services require stalwart business continuity plans Preventing phishing attacks: Enterprise best practices CISOs take measured steps to reduce social media risks Increasing information security awareness in the enterprise How to develop a culture of security in the enterprise Creating and enforcing a clear-desk policy Physical security threats: Don't gift your data away Cut down on calls to help desk with cybersecurity awareness training Layoffs prompt insider threat fears, cybersecurity survey finds How to write an information security policy Data Protection Solutions and Strategy Enterprise data management: Prevent data loss and insider threats NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel Make PCI DSS compliance easier by reducing scope, outsourcing data Data Protection Act fines likely limited, audit powers may expand Websense integrated security system aims to simplify security management Full disk encryption: Safer and easier than file and folder encryption No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Annual security reports offer some hope

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Financial Services Authority  (SearchSecurityUK.com) IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary